Google has launched a security exchange for its Chrome desktop and Android browsers. The exchange brings the safe channel mannequin of Chrome to 103.0.5060.134 on the desktop, and to 103.0.5060.129 on Android.
The protection exchange is already accessible. Most Chrome browsers will receive the exchange routinely, because of the built-in automated updating efficiency. Chrome clients may velocity up the arrange of the security exchange on desktop variations of Chrome by loading chrome://settings/help within the browser’s take care of bar.
The current mannequin is displayed on the internet web page and Chrome runs a confirm for updates to hunt out out if a model new mannequin is obtainable. If not put in already, Chrome will receive and arrange the security exchange. A restart is required to complete the enhance. The Android mannequin of Chrome doesn’t assist such an selection, as updates are distributed solely by Google Play.
Google Chrome 103 security fixes
Google printed an article on the Chrome Releases Weblog to inform Chrome clients and administrators regarding the exchange. The weblog put up confirms that 11 fully totally different security factors are patched throughout the new Chrome launch. Six of these, all reported by third-party researchers, are talked about notably on the weblog. Google doesn’t guidelines security factors that it found internally on the weblog.
Essentially the most severity rating of all 11 security factors is extreme, the second highest after important. Right here is the entire guidelines as reported by Google:
- [$16000] Excessive CVE-2022-2477 : Use after free in Visitor View. Reported by anonymous on 2022-06-14
- [$7500] Excessive CVE-2022-2478 : Use after free in PDF. Reported by triplepwns on 2022-06-13
- [$3000] Excessive CVE-2022-2479 : Inadequate validation of untrusted enter in File. Reported by anonymous on 2022-05-28
- [$NA] Excessive CVE-2022-2480 : Use after free in Service Employee API. Reported by Sergei Glazunov of Google Venture Zero on 2022-06-27
- [$TBD] Excessive CVE-2022-2481: Use after free in Views. Reported by YoungJoo Lee(@ashuu_lee) of CompSecLab at Seoul Nationwide College on 2022-07-04
- [$7000] Low CVE-2022-2163: Use after free in Forged UI and Toolbar. Reported by Chaoyuan Peng (@ret2happy) on 2022-03-21
Google makes no level out of assaults throughout the wild. It stays to be actually helpful to interchange Chrome to the most recent mannequin as shortly as potential.
Google launched the first Chrome 103 launch earlier this month; this exchange included a restore for a 0-day vulnerability that was exploited throughout the wild.
Now You: do you use Google Chrome?